This meant MPs and other staff were unable to access their accounts remotely, but IT services within the parliament building continued to functional normally.

Parliament said in a statement on Sunday that the parliamentary network and systems had been protected from the attack to ensure the Houses’ business could continue.

Although investigations are ongoing, the statement said that “significantly fewer” than 90 of the 9,000 accounts on the parliamentary network had been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.

“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way,” the statement said, adding that Parliament was putting plans in place to resume its wider IT services.

In an email to parliamentary network account holders late on Friday, Rob Greig, director of the Parliamentary Digital Service, said unusual activity and evidence of an attempted cyber attack had been discovered earlier in the day.

“Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in attempt to identify weak passwords,” he said. “These attempts were specifically trying to gain access to users emails.”

Although the Parliamentary Digital Service was able to detect the unusual activity indicating that an attempted cyber attack was under way and took swift action to limit the potential impact by temporarily shutting down remote access to the network, it is unclear why password guidance was not enforced properly.

The statement issued by Parliament appears to blame to account holders for not following official password guidelines, but uncovers that fact that there is no mechanism for enforcing password policy.

UK security services believe the attack is more likely to be state-sponsored than carried out by group of hackers, according to The Guardian, which cited an unnamed security source as saying it was a brute force attack that appeared to be state-sponsored.

The incident comes just days after it emerged that the passwords and email addresses of MPs, parliamentary staff, diplomats and senior police officers had been sold, bartered and then made available for free on Russian-speaking hacking forums.

The Guardian reported that the Russian government was the top suspect in the parliamentary attack, but the paper’s source also said it was “notoriously difficult” to attribute an incident to a specific actor, and security commentators have said it is too early to say who was responsible.

“Such an attack is very simple and cheap to organise, and virtually any teenager could be behind it,” said Ilia Kolochenko, CEO of web security company High-Tech Bridge.

“I would abstain from blaming any state-sponsored hacking groups because with such an unacceptably low level of security, they have likely already been reading all emails for many years without leaving a trace.”

Fundamentals ignored

Kolochenko said this incident highlighted once again that cyber security fundamentals were being ignored even by the governments of leading countries.

“Today, two-factor authentication, advanced IP filtering and anomalies detection systems are a must-have for critical systems accessible from the internet,” he said.

“Strict password policies and regular audits for weak and non-compliant passwords are also vital for corporate security. However, apparently, none of these simple but efficient security controls were properly implemented.”

Anurag Kahol, CTO at security firm Bitglass, said the apparent failure to implement the correct controls effectively had resulted in a denial of service attack because legitimate users were locked out for most of the weekend.

“Strong authentication policies, including multi-factor authentication, combined with user behaviour analytics not only within applications, but across applications, could have prevented the need to block users from being able to access work applications,” he said. “This holds especially true for cloud-based applications which, by definition, are available from any device, anywhere.”

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Your password has been sent to:

Please create a username to comment.

More crazy libtard tin foil hat Russian conspiracy theories. The Guardian is a putrid, vile Marxist propaganda front anyway.There has always been ZERO evidence of Russian hacking, the 'elite' or Central banking oligarchy that controls the West wants to control the oil/gas supply to Europe and Russia is currently a major supplier and Assad was pro Russia and blocking the potential pipeline.The NWO also want to create a third world war to reduce population and pave the way for a world government which is why they're acting more aggressively toward Russia, China and North Korea.